For an ancient linear/procedural dinosaur like myself, it is interesting to see the difference between the prehistoric API (Application Programming Interface) library documentation and the descriptions of the new object-oriented classes. Older books were full of icky things such as usage syntax and required parameters. While this work does contain some sample code, generally with comments that merely repeat what is obvious from the name of the method, most of the material simply consists of mentioning that the methods and classes exist. I can only wonder at the marvels of the new age of programming, where everything is so "intuitive" that correct coding is automatic and inevitable.
Chapter one states that this book is intended for programmers who are interested in the security and cryptographic aspects of .NET, and is otherwise a meandering overview of security, with many gaps. The material on the fundamentals of cryptography that we are given in chapter two consists of a lot of (very old) history and sample code for some simplistic (and outdated) ciphers, but has little content on the basics of modern cryptography. Most of the text on symmetric cryptography, in chapter three, incorporates a listing of .NET cryptographic classes and methods in paragraph form. The modes of DES (the Data Encryption Standard) are described, but with confusing figures, and an odd perspective on the stream modes that seems to imply that the modes are only for small pieces of data. Chapter four, on asymmetric cryptography, has flip explanations of the theory, but an interesting example using the RSA algorithm, rather than the more usual Diffie-Hellman. This illustration would be handy for instructors teaching about the subject, but non-specialist readers of the book may find it confusing, and less than compelling. Hybrid symmetric/asymmetric systems are interpreted very awkwardly. The development of modification checks from hashes to keyed hashes to digital signatures is covered in chapter five, but tersely and poorly. Chapter six, on XML, is basically a listing of XML-related methods, including a nine-page printout of almost completely uncommented, and entirely unexplained, code. User-based security is apparently a new term for the APIs and classes related to good old access control lists (ACLs), in chapter seven. Code access security, in chapter eight, appears to be a complex expansion of the Authenticode ideas. Chapter nine reprises much of the previous material, emphasizing authentication (which is not properly defined, and confused with identification). Chapter ten relates a great deal of the foregoing to the Web.
Oddly, the text seems to provide ample evidence that the authors actually do know the mathematical underpinnings of cryptography: they just don't write about it very well. The material provides examples found in almost no other books on the subject, such as the RSA illustration on pages 109 to 113, the modular arithmetic foundations of digital signatures on pages 142-3, and the outline of the DSA (Digital Signature Algorithm) on pages 144 to 147. However, you will have to be quite competent in mathematical concepts in order to obtain any value from this material: the explanations in the text are clumsy and do not include sufficient background information to assist non-specialist readers.
While the book is poorly written and most of the content is of little use, there are tidbits that may make it worth having, if you are a crypto teacher.
copyright Robert M. Slade, 2003 BKNTSCCR.RVW 20030906